The Financial Sector Conduct Authority (FSCA) has raided the offices of Mirror Trading International (MTI) in Stellenbosch and Polokwane, as well as the home of two of its leadership team members in Durban.
The FSCA seized electronic and telephonic records from cell phones, notebooks, and PCs at the three locations.
“On application by the FSCA, three separate high courts in three separate jurisdictions issued warrants for the FSCA to search premises relating to MTI and seize relevant information,” the FSCA stated.
The FSCA said that the warrants were obtained in terms of the Financial Sector Regulation Act, which allows it to obtain warrants to conduct search and seizure of information relating to a financial sector contravention.
It also stated that, in terms of section 251 of the FSR Act, it is not permitted to comment on the contents of the files and other data it seized.
No arrests were made.
“We do not conduct criminal investigations and our investigations are in terms of the Financial Sector Regulations Act which is aimed at protecting the South African Investing public and to ensure a secure financial sector exists,” the FSCA said.
“Our investigations may lead to referrals of evidence to other authorities, or to the SAPS.”
The FSCA explained that its next step is to examine the evidence and compare it with other information that it has obtained.
“On conclusion, we will make decisions involving whether we should take administrative steps against any person and or refer the evidence obtained to other bodies.”
MyBroadband contacted Mirror Trading International for comment on the raid, but the company did not respond by the time of publication.
Regulators warn against MTI
The raid on MTI’s offices comes after the FSCA said it was investigating the company.
“MTI has informed us that they accept clients’ funds in the form of Bitcoin, pool the funds into one trading account on a forex derivate trading platform, and conduct high-frequency trading through the utilisation of a bot,” the FSCA said.
If MTI operated as described, the FSCA stated that would amount to offering financial services and it would require a financial service provider licence.
However, the FSCA had much greater concerns about MTI’s activities other than the lack of a licence.
At the time, MTI claimed to have more than R2.9 billion in clients’ funds in trading accounts, but the FSCA has not been able to conclusively confirm that the funds exist.
“Moreover, the returns on the investments claimed by MTI seems far-fetched and unrealistic,” the FSCA said.
MTI said at the time that its bot-trading is able to generate consistent profits of an average of 10% per month. More recently it said it has seen an average return of 0.5% per day.
The FSCA recommended that MTI clients request refunds into their own accounts as soon as possible.
The Texas State Securities Board has also issued an emergency cease-and-desist order against MTI and accused it of perpetrating fraud through an illegal international multilevel marketing programme.
Canada’s Autorité des Marchés Financiers (AMF) has placed MTI on its list of illegal online platforms, issuing a warning that MTI illegally solicits investors.
Anonymous ZA data breach of MTI – The MTILeaks
Following the warnings from regulators around the world, a group calling itself Anonymous ZA published financial information about MTI based on data that it said it collected through MTI’s members portal – mymticlub.com.
According to Anonymous ZA, it discovered security vulnerabilities in the online systems of MTI, which it exploited to extract information about the inner workings of the scheme.
Anonymous ZA said the vulnerability that exposed MTI’s “back office” system was a lack of basic authentication.
Any registered member who is logged into the system could view the information of any other member’s account by simply changing a parameter in the URL.
“All data was acquired using simple enumeration and scraping techniques on the mymticlub.com site,” stated Anonymous ZA.
“No hacks were performed because the lack of basic security did not require it. Just incrementing an id=? parameter on various URLs provided all the data that you see here.”
Using this weakness, it was able to glean detailed information about MTI’s system and see the full names, usernames, email addresses, bitcoin balances, and earnings linked to every account.
Anonymous ZA then published an anonymised copy of the data on a dark web site called MTILeaks.
It said the MTI database shows the company has handled over 22,984 bitcoin in member deposits, amounting to over R4 billion.